hpgetent man page on HP-UX

Man page or keyword search:  
man Server   10987 pages
apropos Keyword Search (all sections)
Output format
HP-UX logo
[printable version]

HPGETENT(1)							   HPGETENT(1)

       hpgetent - Generate reports and validate winbind users and groups data.

       hpgetent [dataqbase][key...]


       hpgetent -d 1-10]

       hpgetent -Ud 1-10][-V][-v][-D domainname or []]

       hpgetent -Pd 1-10][-V]

       hpgetent -Gd 1-10][-v][-V][-D domainname or []]

       hpgetent -u username or UID[-d 1-10][-x][-v][-V][-w][-m][-s][-q]

       hpgetent -g groupname or GID[-d 1-10][-x][-v][-V][-w][-m][-s]

       This tool is part of the CIFS WTEC Support Tools suite.

       hpgetent	 is  a program written to provide users and groups reports not
       available through other tools.  Although it  contains  winbind-specific
       features,  it  is designed to provide reports for non-winbind name ser‐
       vices as well.  Options can be provided to a single  command  line  for
       various levels of details, often eliminating the need for multiple com‐
       mands.  It uses the HP-UX name service backends to gather details  when
       possible.   wbinfo  is  called to confirm that HP-UX name service func‐
       tions return all the names reported in the winbind database. It is also
       called  when  winbind enumeration is disabled to gather information not
       available through the name service function calls.

       -      When no primary parameter [P,U,G,u,g] is provided, hpgetent  re‐
	      ports  user  account details and group memberships from the ses‐
	      sion issuing the command.

       -d [1-10] <P|U|G|u|g||>
	      This parameter turns on the specified level of  debugging.  Log‐
	      ging  is	done to stdout.	 Levels 1 and 2 can be useful for some
	      winbind troubleshooting while levels 3 - 10 are more useful  for
	      debugging	 issues	 in hpgetent.  Using any debug level will pre‐
	      vent temporary files, containing	the  output  of	 testparm  and
	      wbinfo  calls,  from being removed at the completion of the pro‐

       The following is a brief description of the logging done at the	speci‐
       fied level.

	      1	     Report unique printf numbers for all print statements.

	      2	     Report  wbinfo and testparm commands plus extra error in‐

	      3-5    Key variables.

	      6	     Function entry and exits.

	      7,8    More variables.

	      9,10   Compare and loop variables.

       -P     This parameter reports configured winbind parameters from	 test‐
	      parm  and	 the  current  running status of winbind including the
	      last idmap entries for the users and groups. LDAP parameters are
	      included in the report if the LDAP backend is used.

       -U     This  option  displays all users reported by the HP-UX name ser‐
	      vice functions.  It can be limited  to  a	 specified  domain  by
	      adding the "-D domain" parameter.	 When winbind user enumeration
	      is disabled, the -w option can be added  to  enable  enumeration
	      through checking all used UIDs in the idmap range.  NOTE: Adding
	      the "-w" option can take a long time when checking  large	 data‐
	      bases.   It  will	 stop  looking when it finds 25 unassigned en‐
	      tries.  Adding the "-d1" option can be useful to see entries  no
	      longer assigned.

       -G     This option causes all groups to be reported.  It can be limited
	      to a specified domain by adding the "-D domain" parameter.  When
	      winbind  groups  enumeration is disabled, the "-w" option can be
	      added to enable enumeration through checking all	assigned  GIDs
	      in  the  idmap  range.  NOTE:  Adding the "-w" option can take a
	      long time in large datebases.  hpgetent stops checking GIDs when
	      it  finds 25 unassigned entries.	Adding the "-d1" option can be
	      useful to view entries without valid assigned groups.

       -D [domain_name] or [] <|U|G|>
	      This option is used to limit users  or  groups  reports  to  the
	      specified domain.	 Using "[]" in place of the domain name causes
	      the report to be limited to the local domain.  This includes all
	      users  or groups where there is no preceding domain name includ‐
	      ing entries returned from files or winbind users	in  the	 local
	      domain when "winbind use local domain = yes" and winbind enumer‐
	      ation is enabled.

       -q <|u|>
	      This option is used to add quota information  to	the  user  de‐

       -u [username] or [UID]
	      This  option  causes hpgetent to report details about a specific
	      user account.  hpgetent uses HP-UX  name	service	 functions  to
	      find  the specified username or UID.  If a number is entered and
	      it is a valid UID, it will use getpwuid(),  if  it  couldn't  be
	      found,  the -w option is specified and the UID is in the winbind
	      range, then it will check winbind for  the  UID.	 If  it	 still
	      isn't  found,  it	 will  check  if the number is a valid winbind
	      name.  Windows accepts user accounts of all numbers.  getpwnam()
	      is  called  if  the username isn't a valid UID.  If the username
	      entered doesn't contain a prepended domain name and the  -w  op‐
	      tion  is	specified,  hpgetent prepends the local winbind domain
	      name for the winbind search except when "winbind use default do‐
	      main = yes".

       -g [groupname] or [GID]
	      This  option  causes gegetent to report details about a specific
	      group.  Searching for the GID or group name is similar  to  what
	      is described above for users.

       -m <|u|g|>
	      This  option  causes  the members of a group to be included with
	      the group details when used with the -g option.  When used  with
	      the  -u  option  the groups that the user is a member of are in‐
	      cluded in the detailed user report.  Adding this option is not a
	      trivial search when combined with the -w option, especially when
	      winbind enumeration is disabled.	Getting the groups that a user
	      is a member of is especially complex and is not recommended with
	      the -w option unless the winbind databases are  quite  small  or
	      winbind user and groups enumeration is enabled.  hpgetent checks
	      primary group IDs as part of the members check.

       -w <|u|g|U|G|>
	      This option is used to allow hpgetent to query the winbind data‐
	      base directly using wbinfo.  This is useful when winbind enumer‐
	      ation is disabled or if there is a question if all UIDs or  GIDs
	      are being returned when using the -G or -U parameters.

       -v <|U|G|>
	      This option is used to validate data from the HP-UX name service
	      backend.	hpgetent performs a getpwuid() or getgrgid()  of  each
	      ID  in  the  appropriate	winbind idmap range.  If an ID doesn't
	      produce a valid username or groupname, wbinfo is called with the
	      ID  to  check  if	 it can be found in the winbind database.  All
	      discrepancies are noted in the report.

       -S <|U|G|u|g|>
	      This option causes SIDs to be reported  for  winbind  users  and
	      groups.  The wbinfo program is used to get the SIDs.

       -s <|U|G|u|g|>
	      This  option  causes  output  to be reported in script friendly,
	      /etc/passwd or /etc/group format.	 The user can use the -d1  op‐
	      tion to see any errors reported.

       -x     This  option  causes hpgetent to search for and report duplicate
	      usernames or groupnames.	It also handles the corner case	 of  a
	      Windows  name  made up of number characters that matches a valid
	      UID or GID.  NOTE:  These searches will take  an	extended  time
	      since  all  entries  of  all  name  service  databases  must  be
	      searched.	 This can come in handy since Windows names  are  case
	      insensitive  and	HP-UX  names are case sensitive increasing the
	      likelihood of a duplicate name.

       -V <|U|G|u|g|P|>
	      This option causes hpgetent to report hpgetent version  informa‐
	      tion in the reported output.

       If "\" is used as the winbind separation character, the user should use
       "\\" as the separator in the hpgetent command.	hpgetent  will	handle
       all internal calls wbinfo and the name service functions appropriately.

       The  hpgetent program uses wbinfo -r to enumerate the groups a user be‐
       longs to if winbind groups enumeration is disabled.  If enumeration  is
       enabled	and  the  -wvmu [username] options are used, hpgetent verifies
       the list of groups returned by the HP-UX name service functions by also
       listing the groups returned by wbinfo -r.

       When  switching	from  enumeration  disabled  to enumeration enabled or
       vice-versa, winbind needs to be restarted.  After  restarting  winbind,
       it can take some time for changes to be reflected properly.

	      1)   The	session	 permissions  must allow the use of the wbinfo

	      2)  The session must have permissions to read and	 write	tempo‐
	      rary  files  to  /tmp.  These files will be removed when exiting
	      the program unless the -d option is used.

	      3)  wbinfo and testparm must be in /opt/samba/bin

	      4)  Reporting quotas requires the proper permissions to run  the
	      quotactl()  system  call. Use "man quotactl" for more details on
	      this function.

       hpgetent passwd			=  hpgetent -swU

       hpgetent group			=  hpgetent -swG

       hpgetent passwd win_dom+tuser1	=  hpgetent -su win_dom+tuser1

       The [database][key] format is included to be compatible with the	 linux
       getent  program.	 The output is also compatible.	 The option format of‐
       fers greater customization and features.

       The first two commands above show how to request	 all  users  then  all
       groups.	 The  -s option indicates to report all entries in /etc/passwd
       or /etc/group format and the -w option indicates to use wbinfo.	The -w
       option  is needed if winbind enumeration is disabled, or if the user is
       also interested in finding any winbind users that are not  reported  by
       the HP-UX name service backends.

       In  the	third command shown above, the "win_dom" is the Windows domain
       name, the "+" character represents the winbind separation character and
       "tuser1"	 represents a username for which the details are desired.  The
       -s option indicates that the report should be formatted in  /etc/passwd

       wbinfo(1), winbindd(8), testparm(1), smb.conf(5), getgrent(3C), getp‐
       went(3C), quota(5), quotactl(2)

       Lance Swift, HP WTEC NOS Support Team


List of man pages available for HP-UX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
Vote for polarhome
Free Shell Accounts :: the biggest list on the net